Security Weekly Productions

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News. https://bit.ly/41a4DO2 Visit https://lnkd.in/eUwRwbwF for all the latest episodes! Show Notes: https://lnkd.in/ehKwzpjC

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including: - Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. - Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. - The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. - The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings. https://bit.ly/4fHHfMy This segment is sponsored by CyberSaint. Visit https://lnkd.in/e9YNxbfd to learn more about them!

This discussion compares and contrasts regional approaches to biometrics; examines the security challenges and benefits of their implementation; and reveals how biometrics holds the keys to a range of engagement models of the future. Andras Cser from Forrester Research dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as Andras explains, there's no need to, thanks to how biometrics actually work. Then, Enza takes us through the latest on privacy in biometrics - a concern for both consumers, and businesses tasked with complying with privacy regulations and avoiding costly fines. Finally, get a sneak peek into the upcoming Forrester Security & Risk Summit. Whether you're an industry professional or just curious about the implications of biometrics, this episode delivers insights you won't want to miss! https://bit.ly/498nSKa

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report (Modernizing Application Security to Scale for Cloud-Native Development) delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry about. Integrating security into the SDLC and CI/CD pipelines, infrastructure as code (IaC) trends, best of breed vs platform, and other aspects of AppSec get discussed as well! https://bit.ly/4eF6oGb Visit https://lnkd.in/eZrfEBJY for all the latest episodes! Show Notes: https://lnkd.in/eixcdnBA

In this heartfelt moment, Sivan Tehila, a former #CISO and now a passionate #entrepreneur, shares a powerful story about the drive to succeed. She opens up about how her 9-year-old daughter's simple question, "What are your goals, mom?" made her reflect on the importance of following your passion and never giving up. This clip will inspire you to chase your dreams, even on the toughest days! https://bit.ly/4eExEVn #Motivation #Entrepreneurship #Inspiration #MomsWhoLead

The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll locations and election workers. https://bit.ly/3O54wvw Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, https://lnkd.in/dY4K2qjZ Visit https://lnkd.in/eFKJWwZV for all the latest episodes! Show Notes: https://lnkd.in/ePYwJE34

Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. https://bit.ly/3AOpPOS This segment is sponsored by ThreatLocker. Visit https://lnkd.in/eMvABg2 to learn more about them! Visit https://lnkd.in/eUwRwbwF for all the latest episodes! Show Notes: https://lnkd.in/gX_igGNa

After spending a decade working for #appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, which offers #VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional #pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to. https://bit.ly/4hHt9w8 Visit https://lnkd.in/eZrfEBJY for all the latest episodes! Show Notes: https://lnkd.in/eTzXxHr5

Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. https://bit.ly/4elJFyT This segment is sponsored by Eclypsium, Inc. Visit https://lnkd.in/dUM_WMX to learn more about them! Show Notes: https://lnkd.in/ei4gjbi2

Have you ever had a pen tester own your network? Guessing the answer is yes. Well, let's talk with Julian Austin, vCISO at Thrive, about some of the simple ways you can avoid account compromises by strengthening your identity security through #MFA, least privilege, account reviews, and all the things! https://bit.ly/3YGjRrl This segment is sponsored by CyberArk. Visit https://lnkd.in/evCz-inF to learn more about them! This segment is sponsored by Saviynt. Please visit https://lnkd.in/emyafa5s to learn more and get a free demo! This segment is sponsored by Liminal. Visit https://lnkd.in/ewbptUiH to learn more about them!